Drashna Jaelre, posted November 21, 2015:

> Sorry it did not help. I don't have the time right now to mess with it. Here is the section on the manual for email protection http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FEmailProtection.html%23 Please let us know if you get it working and how you got it working.

There's a manual?!

nrf, posted November 22, 2015 (edited November 22, 2015):

actually multiple manuals. pretty verbose but short on 'wisdom'

nrf, posted November 28, 2015 (edited November 28, 2015):

so, anyone have new wisdom to share on this piece of work? clearly it doesn't do the native ipv6 the way utm 9 does. it got the /64 subnet but that all disappeared after a while not to be seen again. It also seems 'touchy' (easy to upset it) and changes seem to take some time to be implemented. so far it has been ok running my work VPN connection.

Drashna Jaelre, posted November 28, 2015:

> so, anyone have new wisdom to share on this piece of work? clearly it doesn't do the native ipv6 the way utm 9 does. it got the /64 subnet but that all disappeared after a while not to be seen again. It also seems 'touchy' (easy to upset it) and changes seem to take some time to be implemented. so far it has been ok running my work VPN connection.

Wisdom? Stay on UTM for the next few months. See if they work out all the kinks and fix the GLARING ISSUES that XG Firewall has. That's what I'm doing. I've actually already reverted. Yes, it was that bad.

nrf, posted November 28, 2015 (edited November 28, 2015):

Besides the fact that ipv6 (native) is not there for me, I was able to go through and set up a custom web filter policy and apply it to the default policy rule and configure an intrusion prevention policy to my liking and apply that as well. I also inserted a rule blocking certain outgoing services (SMB for one). nothing really horrible showed up doing those. I remember doing similar operations on utm 9. I have yet to venture into 'opening a port' or setting exceptions to web filtering. I split off a second IP for the XG firewall and only have one client behind it for now. Everything important is on the UTM9 side.

itGeeks (thread author), posted November 28, 2015:

> Besides the fact that ipv6 (native) is not there for me, I was able to go through and set up a custom web filter policy and apply it to the default policy rule and configure an intrusion prevention policy to my liking and apply that as well. I also inserted a rule blocking certain outgoing services (SMB for one). nothing really horrible showed up doing those. I remember doing similar operations on utm 9. I have yet to venture into 'opening a port' or setting exceptions to web filtering. I split off a second IP for the XG firewall and only have one client behind it for now. Everything important is on the UTM9 side.

Could you go into detail on your custom web filter & intrusion prevention policies?

nrf, posted November 28, 2015 (edited November 28, 2015):

for intrusion prevention, the equivalent in UTM9 is the 'attack patterns' tab on the intrusion prevention page. since I am not hosting internet services I orient both toward protecting clients. on XG the equivalent is in objects / policies / intrusion prevention. I chose the 'lantowan_general', opened its filter, and touched it up by turning off any server type checkboxes under Category, the platform items for which I have no clients using the platform, and the 'server' target. I did not mess with the big matrix of actions on the right 70% of the page. Then on Policies I edited '#Default_Network_Policy'. In the 'Policy for User Applications' properties area I chose lantowan_general in the pulldown for 'intrusion prevention'.

for web filter policies, the equivalent in UTM9 is web protection / filtering options / Categories. in XG it is Protection / Web Protection / Web Filter Policies. I added a new one, choosing to clone 'CIPA compliance' as a starting point, then removed and added items from the list until I had a set to my liking. Since my home is populated with adults I only chose those of a protective nature like advertisements, parked domains, spyware & malware, your choice as always... Then I went to '#Default_Network_Policy' and applied my filter on the pulldown for Web Filter.

granted these are beginner items, I hope this helps. as I mentioned before I have a ways to go. but at least I did not have to create a bunch of defined objects to get this far.

itGeeks (thread author), posted November 29, 2015 (edited November 29, 2015):

> for intrusion prevention, the equivalent in UTM9 is the 'attack patterns' tab on the intrusion prevention page. since I am not hosting internet services I orient both toward protecting clients. on XG the equivalent is in objects / policies / intrusion prevention. I chose the 'lantowan_general', opened its filter, and touched it up by turning off any server type checkboxes under Category, the platform items for which I have no clients using the platform, and the 'server' target. I did not mess with the big matrix of actions on the right 70% of the page. Then on Policies I edited '#Default_Network_Policy'. In the 'Policy for User Applications' properties area I chose lantowan_general in the pulldown for 'intrusion prevention'.
>
> for web filter policies, the equivalent in UTM9 is web protection / filtering options / Categories. in XG it is Protection / Web Protection / Web Filter Policies. I added a new one, choosing to clone 'CIPA compliance' as a starting point, then removed and added items from the list until I had a set to my liking. Since my home is populated with adults I only chose those of a protective nature like advertisements, parked domains, spyware & malware, your choice as always... Then I went to '#Default_Network_Policy' and applied my filter on the pulldown for Web Filter.
>
> granted these are beginner items, I hope this helps. as I mentioned before I have a ways to go. but at least I did not have to create a bunch of defined objects to get this far.

Nice work and thanks for the detailed explanation. I also have "intrusion prevention" set to lantowan_general. I have not fine-tuned anything in the "web filter" as we are all adults in the house also but I do want to take a look into more detail of your "web filter" policy for use in my environment. Please keep us updated as the progress flows as there is always something to be learned. Thanks again for taking the time...

nrf, posted November 29, 2015:

no problem, consider it a teeny tiny attempt at payback for the 'drashna' guide.

Jason, posted November 29, 2015:

> Wisdom? Stay on UTM for the next few months. See if they work out all the kinks and fix the GLARING ISSUES that XG Firewall has. That's what I'm doing. I've actually already reverted. Yes, it was that bad.

Thanks for the warning. I'm just catching up on this thread from the holiday and couldn't be more glad I'm late to the party! Typically I would've jumped onto XG but don't have time or sanity to waste on it. I trust your judgment. Am sticking with UTM 9.3 for now. What is best process to record settings from UTM 9.3 when ultimately migrating to XG since it's not an upgrade? When I moved from pfsense to Sophos UTM it was painful. Trying to use this time to map best approach. I don't have extra hardware around to be building another box to run XG unless that's what I should be planning to do?